1. Technical Field
The present invention relates to apparatus and methods for providing security in Ethernet-based media independent interface communications.
2. Background Art
Local area networks use a network cable or other network media to link nodes (e.g., workstations, routers and switches) to the network. Each local area network architecture uses a media access control (MAC) enabling a network interface device at each network node to share access to the media.
Physical (PHY) layer devices are configured for translating digital data packets received from a MAC across a standardized interface, e.g., a media independent interface (MII), into an analog signal for transmission on the network medium, and for receiving analog signals transmitted from a remote node via the network medium. An example is the 100 BASE-TX IEEE standard 802.3u receiver, configured for receiving a 3-level MLT-3 encoded analog signal at a 125 Mb/s rate.
FIG. 1 is a diagram illustrating a conventional repeater network. The network 10 includes a repeater 12 configured for transmitting a data packet received on an input port to the other ports for reception by the respective network nodes 14. For example, assume that node (i.e., workstation) 14a transmits a data packet via the network medium 16. The transmitted data packet is received by a physical layer transceiver (PHY) 20a which recovers the digital data from the transmitted analog signal. As recognized in the art, the PHY transceiver 20a may be a 100 Base-TX IEEE standard 802.3u receiver, configured for receiving a 3-level MLT-3 encoded analog signal at a 125 Megabit per second rate, and configured for output of the transmit data as nibble-wide (4 bits) or byte-wide transmit data (TXD) to the MII 18 between the PHY 20a and the repeater 12. The repeater 12, upon receiving the transmit data from the PHY transceiver 20a, retransmits the transmit data to all the other ports for transmission by the other PHY transceivers (e.g., 20b, 20c, and 20d). The network stations 14 of the other ports will ignore the packet unless the destination address of the packet matches the network station's own address. One problem with the arrangement is that any network node can eavesdrop on all packets that are transmitted on the network. Hence, an unauthorized workstation 14e may eavesdrop on all data packets by obtaining access to a repeater port.
Newer repeater architectures have proposed reducing the number of pins on the repeater core by bussing common signals such as the MII transmit data (TXD [3:0]), receiver data (RXD [3:0]), receive clock (RX_CLK), receive data valid (RX_DV), and receive error (RX_ER) signals. These pins can be shared because only one port should be sourcing data at any given time. If more than one port sources data then there is a collision, and the actual data sourced are a don't-care.
The bussing of MII signals, however, further reduces the ability to individually control the data which is transmitted on each port, such that each port of the repeater 12 transmits either valid data when TX_EN is asserted, or does not transmit any data at all. Hence, the unauthorized workstation 14e can more effectively eavesdrop on all data packets by obtaining access to the bussed RXD signal path. Although repeater port access may be somewhat controlled by asserting the transmit enable (TX_EN) signal concurrently with the transmit error (TX_ER) signal, such a proposal generates error symbols despite the presence of valid data. In 100 Mb/s IEEE 802.3 systems, such generation of error symbols may create difficulties in MAC management schemes, since the receiving network node would see an artificially high number of symbol errors. In addition, in 10 Mb/s IEEE 802.3 systems, the TX_ER signal is ignored so that there is no capability to corrupt transmit data in this mode.
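The exposure described above and the limits of the TX_EN/TX_ER workaround can be seen in a small Python model, added here as an illustration and not part of the original disclosure. The station addresses, the per-frame counting of symbol errors, and the policy of asserting TX_ER on every port other than the destination's are assumptions made for the model.

```python
from dataclasses import dataclass, field

ERR = "<error symbol>"  # placeholder for what a PHY sends when TX_ER is asserted

@dataclass
class Station:
    name: str
    mac: str                   # constructed address
    promiscuous: bool = False  # accepts frames regardless of destination
    accepted: list = field(default_factory=list)
    symbol_errors: int = 0

    def receive(self, dst, data):
        if data == ERR:
            self.symbol_errors += 1  # counted by MAC management
        elif self.promiscuous or dst == self.mac:
            self.accepted.append(data)

def repeat(stations, src, dst, data, speed_mbps, tx_er_masking):
    """Retransmit one frame from src to every other port, as repeater 12 does."""
    for s in stations:
        if s is src:
            continue
        # Assumed policy: assert TX_ER with TX_EN on every port except the
        # destination's. A 10 Mb/s PHY ignores TX_ER and sends the data as is.
        masked = tx_er_masking and speed_mbps == 100 and s.mac != dst
        s.receive(dst, ERR if masked else data)

def demo(speed_mbps, tx_er_masking):
    """Node 14a sends three frames to 14b; 14e is the unauthorized listener."""
    a, b, c = Station("14a", "aa"), Station("14b", "bb"), Station("14c", "cc")
    e = Station("14e", "ee", promiscuous=True)
    stations = [a, b, c, e]
    for i in range(3):
        repeat(stations, a, "bb", f"frame{i}", speed_mbps, tx_er_masking)
    # name -> (frames accepted, symbol errors seen)
    return {s.name: (len(s.accepted), s.symbol_errors) for s in stations}

if __name__ == "__main__":
    for speed, mask in [(100, False), (100, True), (10, True)]:
        print(speed, mask, demo(speed, mask))
```

At 100 Mb/s the masking hides the frames from 14e only by charging symbol errors to every non-destination station, including the legitimate node 14c; at 10 Mb/s the masking has no effect and 14e again accepts every frame.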